
Are You Ready For Cybersecurity Mesh?

As Chief Availability Officer (CAO), Lou Senko leads Q2’s hosting, security and compliance teams to deliver an enhanced customer experience.

Let’s say you want to protect your home and belongings. You get one alarm system for your doors and windows, another for the cars in the garage, another for your high-end electronics and one for the safe in your bedroom. Now you have all these various systems, but they can’t communicate with each other. So, if someone breaks in through a window, none of the other systems are notified to take action, even though it’s obvious that once a bad actor gets into one area, every other area is at risk.

But what if the systems were connected and could quickly act to lock down your home, garage and all of the property within whenever an anomaly was detected? For instance, if the garage side door is opened at 3 a.m., the system disables the overhead garage doors and the cars’ ignitions, locks all doors going into the house and calls you with an alert. If it turns out it was just your teenager sneaking in through the side door, the whole system can be reset and access granted.

That’s the idea behind the latest strategy in cybersecurity, called cybersecurity mesh architecture (CSMA): a synergistic ecosystem of tools and controls that share signals and act together to secure a modern, distributed environment.

How We Got Here

As I wrote in a previous article in 2021, more than 93% of organizations in the cloud are using multicloud solutions—meaning they’re using cloud services from more than one provider. Even with the proliferation of the multicloud approach, the vast majority of organizations still have servers on-premises: According to one 2022 survey, only 7% of organizations are cloud-only. So the prevailing model is a multi-public/private cloud strategy, which we call a distributed cloud.

We used to treat this complex environment as a perimeter: Anything inside the perimeter was safe, and anything outside wasn’t. But with a distributed cloud structure, the perimeter is fragmented. That led to a move to a zero-trust strategy, which grants no implicit trust to any user, device or network location and assumes the network is under threat at all times from internal and external actors.

My company, Q2, operates 14 different cloud hosting environments (including AWS, Azure and data centers), protecting over 35 million end users and 41 petabytes of data. In such a complicated atmosphere, the challenge is developing a robust security posture that is the same in every environment, which requires different sets of tools for the public and private clouds.

Organizations operating in a distributed cloud environment end up with dozens of different tools that are constantly being updated, overwhelming security teams to the point that it compromises security. With every new threat, a new tool or new configuration needs to be implemented. Anytime a change is made to the system, many of those tools need to be updated, and this all introduces the possibility of misconfiguration and human error—not to mention that security teams are being inundated with separate security notifications from all those tools.

One solution has been to put all the data into a data lake and to use a SIEM (security information and event management) tool to centralize security alerts, often with SOAR (security orchestration, automation and response) technology. Using SIEM and SOAR, anomalies (suspicious activity) can be reported, analyzed and acted upon. The problem with this architecture is that the sheer volume of data makes true real-time processing impractical, and a human still has to triage the alert and approve the response. By the time a human is notified, triages and takes action, the systems are already under attack.

The Next Evolution

Enter CSMA, which takes the human out of the monitoring, analyzing and correlating loop. Instead, when one tool detects a threat, it informs the other tools directly, and often AI is used to determine and execute the best response. The result is reduced administration complexity, fewer mistakes, increased visibility and a better coordinated, automated response in real time. Moreover, the tools can be updated and administered from a central plane.
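To make the contrast between the SIEM/SOAR pipeline described above and the mesh model concrete, here is an added example that is not part of the original article and not any vendor’s product: a toy mesh in which one control’s detection is published on a shared bus and the other controls act on it immediately, with the “it was just the teenager” reset path from the opening analogy. The control names, the event kinds and the login records are all constructed for illustration.

```python
# Added example (not from the article): a toy cybersecurity mesh. One control
# (a login monitor) detects a threat and publishes it; a firewall and an identity
# provider subscribed to the same bus respond without a human in the loop.
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Event:
    source: str   # control that emitted the event
    kind: str     # hypothetical kinds used here: "credential_stuffing", "reset"
    subject: str  # entity the event is about (here: a source IP)


class Mesh:
    """Shared control plane: controls publish events and subscribe by kind."""

    def __init__(self):
        self._subs = defaultdict(list)
        self.log = []  # audit trail of everything that crossed the bus

    def subscribe(self, kind: str, handler: Callable[[Event], None]):
        self._subs[kind].append(handler)

    def publish(self, event: Event):
        self.log.append(f"{event.source}:{event.kind}:{event.subject}")
        for handler in list(self._subs[event.kind]):
            handler(event)


class LoginMonitor:
    """Detector (the 'window alarm'): flags an IP after `threshold` failed logins."""

    def __init__(self, mesh: Mesh, threshold: int = 5):
        self.mesh, self.threshold = mesh, threshold
        self.failures = Counter()
        self.flagged = set()

    def observe(self, ip: str, user: str, success: bool):
        if success:
            return
        self.failures[ip] += 1
        if self.failures[ip] >= self.threshold and ip not in self.flagged:
            self.flagged.add(ip)  # emit once per IP, not once per further failure
            self.mesh.publish(Event("login_monitor", "credential_stuffing", ip))


class Firewall:
    """Network control: blocks the offending IP; unblocks when an analyst resets."""

    def __init__(self, mesh: Mesh):
        self.blocked = set()
        mesh.subscribe("credential_stuffing", lambda e: self.blocked.add(e.subject))
        mesh.subscribe("reset", lambda e: self.blocked.discard(e.subject))


class IdentityProvider:
    """Identity control: revokes sessions issued to the offending IP (not undone on reset)."""

    def __init__(self, mesh: Mesh):
        self.sessions = {}  # session id -> source IP
        self.revoked = set()
        mesh.subscribe("credential_stuffing", self.on_threat)

    def login(self, session_id: str, ip: str):
        self.sessions[session_id] = ip

    def on_threat(self, event: Event):
        self.revoked.update(sid for sid, ip in self.sessions.items() if ip == event.subject)


# Constructed sample login records (ip, user, success); not real data.
SAMPLE_LOGINS = [
    ("203.0.113.7", "alice", False),
    ("203.0.113.7", "bob", False),
    ("203.0.113.7", "carol", False),
    ("203.0.113.7", "dave", False),
    ("198.51.100.4", "erin", True),
    ("203.0.113.7", "erin", False),   # fifth failure from one IP -> detection fires
    ("203.0.113.7", "frank", False),  # already flagged: no duplicate event
]


def run_mesh(logins=SAMPLE_LOGINS, analyst_resets: bool = False) -> dict:
    """All controls share one bus; optionally replay an analyst's false-positive reset."""
    mesh = Mesh()
    monitor, fw, idp = LoginMonitor(mesh), Firewall(mesh), IdentityProvider(mesh)
    idp.login("sess-1", "203.0.113.7")   # session previously issued to the attacking IP
    idp.login("sess-2", "198.51.100.4")
    for ip, user, ok in logins:
        monitor.observe(ip, user, ok)
    if analyst_resets:  # the teenager-at-the-side-door case: a human clears the lockdown
        mesh.publish(Event("analyst", "reset", "203.0.113.7"))
    return {"blocked": set(fw.blocked), "revoked": set(idp.revoked), "events": list(mesh.log)}


def run_siloed(logins=SAMPLE_LOGINS) -> dict:
    """Same controls, each on its own bus: the detector fires and nobody else hears it."""
    monitor = LoginMonitor(Mesh())
    fw, idp = Firewall(Mesh()), IdentityProvider(Mesh())
    idp.login("sess-1", "203.0.113.7")
    for ip, user, ok in logins:
        monitor.observe(ip, user, ok)
    return {"blocked": set(fw.blocked), "revoked": set(idp.revoked), "events": list(monitor.mesh.log)}


if __name__ == "__main__":
    print("mesh:  ", run_mesh())
    print("siloed:", run_siloed())
```

In the siloed run the monitor still detects the burst of failures, but the firewall blocks nothing and no session is revoked; in the mesh run both happen at the moment of detection, and the analyst’s reset unblocks the IP without re-issuing the revoked session. In a real deployment the in-process bus would be a message broker, a SOAR playbook or direct vendor-to-vendor integrations, and any automated lockdown needs exactly this kind of reset path plus rate limits, or a noisy detector can turn the mesh into a self-inflicted denial of service.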

A Market-Driven Approach

Mesh architecture isn’t a product or service; it’s a strategy. It starts with vendors working with customers that buy into this vision, and instead of feeling threatened that they have to be everything to everybody, they see the empowerment that comes from working together.

A couple of leading vendors have started building these integrations, with road maps covering the next six months, and they are in a position to reach out to other vendors and persuade them to join the network. Once a vendor sees an advantage, and customers talk about how this vision of mesh architecture has empowered them, other vendors start their own integrations and it picks up steam.

This will all be driven by the market. We need to get to a point where the prevailing thought is that we are all stronger when we work together, and if you (a security tool) can’t connect to the mesh, we don’t want you because that means we have to administer you separately. It means you’re an isolated blind spot that reduces the overall effectiveness of all the other tools. You’ve got to play in this new game; otherwise, we can’t afford to have you.

In 2022, Gartner called CSMA one of the top seven trends in cybersecurity and predicted that by 2024, organizations adopting mesh architecture would reduce the financial impact of individual security incidents by an average of 90%.

It’s imperative that you not only add CSMA to your strategy but also ensure that you’re implementing tools whose integration will enable you to move on to the next step.

If you think you can afford to ignore cybersecurity mesh, consider this: In 2021, there were at least 66 known zero days (vulnerabilities exploited in the wild before a patch was available). That number was almost double the 2020 number. We have to move faster.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.
